The Windows Malicious Software Removal Tool: A Complete Guide

Microsoft maintains an important tool for Windows users called the Malicious Software Removal Tool. If you have been using a Windows system (including Windows 7, Windows 10, and Windows 11) without any antivirus software for some time, it is a good idea to use this tool to scan for malware that may infect your system.

It’s more of a checkup tool when you know your system has been at risk of malware. Typically, anti-virus and anti-malware software such as Windows Defender that runs automatically blocks anything that the Microsoft Windows Malicious Software Removal Tool finds. So, if you have good virus protection, you shouldn’t worry about running this tool.

What is the Windows Malicious Software Removal Tool?

A new version of the Windows Malicious Software Removal Tool is usually included at least once a month in a Windows update. This means that the tool is updated frequently, so it’s a good idea to download the latest copy from Microsoft when you plan to use it.

The tool is quite simple and quick to use. There are two modes for the Malicious Software Removal Tool.

• Publish update note: If Microsoft installs the latest version of the tool after an update, it will automatically run in the background and you will never know unless it finds an infection. In this case, a report will appear, informing you that the malware has been discovered and removed.
• By hand: You can download and run the latest version as a standalone tool. It will work in the foreground and show you a status while it scans. Once done, it will show you the same report which will tell you if any malware or spyware was found and cleaned.

The malware removal process, in any case, will not be fully completed until you restart your computer.

The original version of this tool was created in response to major threats to the Windows XP operating system in 2014. These threats included Trojans and worms such as Blaster, Sasser, and Mydoom. Since then, the tool has been extended to cover all the latest threats against the latest versions of Microsoft’s Windows operating system.

To note: This tool only targets what Microsoft calls “prevalent malware families only”. Microsoft recommends using Microsoft Security Scanner for a full and comprehensive scan of the latest malware threats.

How to Use the Windows Malicious Software Removal Tool?

Never rely solely on a regularly run malware removal tool to protect your system. You should always install and run an antivirus tool in the background. There are even free antivirus tools that work effectively to protect your system, such as Malwarebytes. You should also make sure that Windows Firewall and Windows Defender are enabled.

If you use such software, you will never have to manually run the Windows Malicious Software Removal Tool. However, there are times when the tool is useful to run.

• After a Windows update, if the latest version of the tool is included, it will automatically run in the background.
• By changing anti-virus software, your computer will work and may be connected to the Internet without any protection.
• Accidentally leaving your computer connected to the internet without any anti-virus software for a significant period of time.
• If you’re using antivirus software that you don’t trust, you’re doing a thorough job of protecting your computer.

Never run the Windows Malicious Software Removal Tool as an alternative to running antivirus software. Antivirus and antimalware software works non-stop in the background to prevent malware from installing on your system in the first place.

Even running the tool on a regular weekly or even daily schedule will put your computer at risk. Antivirus software will prevent malware from installing on your system, while the Windows Malicious Software Removal Tool is the last resort if you suspect your system is already infected.

Running the Malicious Software Removal Tool Manually

While it’s a good idea to run this tool if you find yourself in any of the situations listed above, be sure to follow up by also installing and running a scan with an antivirus application afterward. This should detect anything that the malware removal tool might have missed.

1. Once you have downloaded the tool from Microsoft’s download page, run it and follow the installation process. On the initial screen, you just need to select the following.

If you are curious about what malware the tool is looking for, you can select the link to view the list of malware in this window.

2. In the next window, you can choose the type of analysis.

Here’s what each scan type does:

• quick scan: This is a scan focused on system folders such as System32, where malware usually resides.
• Full analysis: This operation analyzes the whole system and can take several hours.
• personalized analysis: You can provide the tool with specific folders that you want it to scan.

3. You will then see a progress bar as the tool scans your system folders and files. As the scan progresses, if infections are detected, you will see the number next to “Infected Files” change from 0.

4. Once the scan is complete, hopefully, a window like the one below will appear telling you that no malware was found.

5. If malware is detected, a report listing the detected and fixed issues is displayed. At this point, you will need to restart your system for the changes to take effect and for your system to be fully cleaned.

To note– You can view a full report of the malware that has been scanned by selecting View detailed scan results. This is a very long and detailed list of each type of malware scanned and the scan results.

There is also a log file stored on your system which you can view at %WINDIR%debugmrt.log. By default, if your drive letter is C:, this path would be C:Windowsdebugmrt.log by default. You can use Notepad to open this file and view the scan results.

Again, in most cases, you should never have to manually run this tool. It is included in Windows Updates almost every month with a new version of the tool. As long as Windows updates are enabled on your system, you can trust this tool to run automatically. You will only be notified if malware is detected on your system.